CVE-2016-9061: High severity firefox vulnerability

Q: What is the severity of CVE-2016-9061?

The severity of CVE-2016-9061 is high, with a CVSS score of 7.5.

Q: Which software is affected by CVE-2016-9061?

The software affected by CVE-2016-9061 is Mozilla Firefox for Android, versions up to and excluding 50.0.

Q: What is the impact of CVE-2016-9061?

CVE-2016-9061 allows a previously installed malicious Android app to access API keys meant for Firefox, potentially compromising user data.

Q: How can I fix CVE-2016-9061?

To fix CVE-2016-9061, update Mozilla Firefox for Android to a version higher than 50.0.

Q: Are other versions and operating systems affected by CVE-2016-9061?

No, other versions and operating systems are unaffected by CVE-2016-9061.

Published Nov 15, 2016

Updated

A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected.

Affected Software

3 affected componentsFixes available

Mozilla Firefox<50

Mozilla Firefox<50.0

Google Android

Event History

Nov 15, 2016

CVE Published

12:00 AM

Jun 11, 2018

CVE Published

via MITRE·09:00 PM

Data Sourced

via MITRE·09:00 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

MFSA2016-89

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2016-9061?

The severity of CVE-2016-9061 is high, with a CVSS score of 7.5.

Which software is affected by CVE-2016-9061?

The software affected by CVE-2016-9061 is Mozilla Firefox for Android, versions up to and excluding 50.0.

What is the impact of CVE-2016-9061?